The title is vague, my first thought was "We already have MLKEM". Which is enough against passive attackers.<p>The article apparently is about the CA/certs for authenticating the server, a part of HTTPS
FWIW if you want to tinker on the topic I recommend OQS <a href="https://github.com/open-quantum-safe/" rel="nofollow">https://github.com/open-quantum-safe/</a> including Chromium, Apache, nginx, curl, etc. It's quite fun to play with.
What are appropriate default parameters?<p>The mozilla SSL Config Generator doesn't yet support PQ; it has Old, Intermediate, and Modern:
<a href="https://ssl-config.mozilla.org/" rel="nofollow">https://ssl-config.mozilla.org/</a><p>mozilla/ssl-config-generator:
<a href="https://github.com/mozilla/ssl-config-generator" rel="nofollow">https://github.com/mozilla/ssl-config-generator</a><p>"Chrome switching to NIST-approved ML-KEM quantum encryption" (2024) <a href="https://news.ycombinator.com/item?id=42265927">https://news.ycombinator.com/item?id=42265927</a><p>"ML-KEM Mythbusting" (2025)
<a href="https://news.ycombinator.com/item?id=46074381">https://news.ycombinator.com/item?id=46074381</a> re: AuthKEM
The pivot to MTC is a big change in the infrastructure of https. I wish other browsers were at least mentioned in this blog post. I'm curious about the future of letsencrypt as well.
Discussed few weeks ago on <a href="https://community.letsencrypt.org/t/post-quantum-crypto-roadmap/245173" rel="nofollow">https://community.letsencrypt.org/t/post-quantum-crypto-road...</a> specifically "The path we're more interested in is Merkle Tree Certificates, currently in design at the PLANTS working group at IETF. Chrome has indicated that they anticipate this to be their preferred approach to PQC. We're following that very closely, and are likely to deploy MTCs if it looks like that design is going to be supported widely." according to Matthew McPherrin, Let's Encrypt staff